Joget is now more secure with an advanced hashing implementation for passwords. The hash function used is SHA-256, with added salt.
The default algorithm for 2-way encryption is PBEWithMD5AndDES. If stronger encryption is required, the encryption implementation can be replaced with a custom DataEncryption implementation in /WEB-INF/classes/customApplicationContext.xml, e.g.
<!-- Sample custom DataEncryption implementation -->
<bean id="dataEncryption" class="custom.CustomDataEncryptionImpl">
    <property name="some_property" value="some_value"/>
</bean>
|NOTE: Any change to the encryption key or implementation must be made right at the beginning of a deployment, as all previously encrypted strings would become unreadable.|